Tamper-Proof Audit Trails for Trading Bots
v1.3.1
Tamper-Proof Audit Trails for Trading Bots. EU AI Act, MiFID II, and SEC 17a-4 compliance audit trail implementation for autonomous trading bots. Includes de...
by @mirni
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (tamper‑proof audit trails for trading bots) align with the declared requirement (AGENT_SIGNING_KEY) used for cryptographic signing. The guide focuses on Merkle chains, event buses, and signed logs which plausibly require an agent signing key.
Instruction Scope
SKILL.md is a detailed educational guide with code examples and webhook forwarding to an external GreenHelix sandbox. That scope is appropriate for a compliance audit‑trail guide, but examples that forward logs or aggregate across exchanges could transmit sensitive trade data or signatures — review any runnable code before executing and confirm examples do not leak private keys or secrets into external endpoints or logs.
Install Mechanism
No install spec and no code files — instruction‑only guides are lowest risk because nothing is written to disk or auto‑installed by the skill itself.
Credentials
Only AGENT_SIGNING_KEY is required and declared as primaryEnv, which is proportionate for signing audit events. However, an Ed25519 private key is a high‑value secret; ensure the guide (and any code you run based on it) does not transmit or store the private key insecurely. Also verify whether code examples require additional exchange/API credentials that aren't declared.
Persistence & Privilege
always:false and no install/config modifications are requested. The skill does not ask for persistent system privileges or to modify other skills; autonomous invocation is allowed by default (normal).
Assessment
This guide is coherent for its stated purpose, but treat the AGENT_SIGNING_KEY as highly sensitive. Before using it: (1) inspect and test code examples in a safe sandbox (the guide references sandbox.greenhelix.net); (2) do not paste your private key into public chat or untrusted tools; (3) prefer using a secure key store or KMS/HSM to sign events rather than exporting the raw private key as an environment variable; (4) review any webhook/forwarding endpoints to ensure they are legitimate and do not log or echo private material; (5) verify whether additional exchange credentials are required by the examples and only provide least‑privilege credentials; and (6) rotate keys immediately if you suspect exposure.
Like a lobster shell, security has layers — review code before you run it.
Tags: ai-agent, compliance, eu-ai-act, greenhelix, guide, latest, openclaw, trading-bot
Runtime requirements
Env: AGENT_SIGNING_KEY
Primary env: AGENT_SIGNING_KEY
